We always
face issues when we have to configure certificates with TIBCO BW. This time we
have to migrate from TLS 1.0 to TLS 1.2. I am documenting my experience for
future references.
Scenario
In our scenario we have to interact/call a
third party application using SOAP over HTTPS using TLS 1.2. Certificates were provided
by the vendor, and following TIBCO release notes, the code migrated to TIBCO BW
5.13.0 (although TLS 1.2 is compatible with TIBCO BW5.12 onwards) from 5.11.x.
While
calling the third party application web service using “SOAP Request Reply” activity
we were facing Timeout issues. When the traffic over the network was monitored
using wireshark, it was noticed that, TIBCO was not using TLS v1.2 where as it
was using v1.0.
Resolution
By default
TIBCO BW 5.13 use TLS 1.0 for SSL communication, although it is compatible with
TLS 1.2. In order to make it work with TLS 1.2, a JAVA property need to add in the bwengine.tra file (located in <<TIBCO_HOME>>\bw\5.13\bin). Viz,
java.property.TIBCO_SECURITY_VENDOR=j2se
This is very
strange for us on that occasion as this information was nowhere mentioned in
the TIBCO BW document
No comments:
Post a Comment